I have an extracted field that is alphanumeric and Splunk is interpreting it as a string, obviously. But I am using rtrim to remove the alpha characters and leave only numeric characters. But as I confirmed with if(isstr()), Splunk is still interpreting the field as a string. So, I tried to convert to number with tonumber() but results are coming back null. Any suggestions?
I don't suppose you could give an example of the field? That would help immensely. I'm guessing it's something like "100 kWH"?
Have you confirmed that eval xx=rtrim(Total_Energy,"kWH") results in something that looks like a number? Is there a space in your "kWH" that I can't see and is there a space between the number and the string? A trailing space might make the rtrim output look not like a number and would be hard to see.
rtrim seems kinda like an odd choice, though it seems like it should work. Personally I would have used a regular expression with replace:
replace(Total_Energy, "^(\d+).*$", "\1")
That was the problem. I was forgetting about the space before the kWH. This worked correctly:
eval xx=rtrim(Total_Energy, " kWH")
Thanks!!
Figured out a workaround from another post that converts my string to a number. Could there be a bug in tonumber()?
eval TE=strptime(rtrim(Total_Energy,"kWH"),"%s")
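The trailing-space problem from this thread can be reproduced in a standalone search. This is an added example, not code posted by anyone in the thread; the value "100 kWH" is the guess made in the answer above, and every field name other than Total_Energy is illustrative. len() exposes the leftover space that is invisible in the results table, and the last three evals show the conversion after each of the fixes discussed (a trim set that includes the space, trim() before tonumber(), and the regular-expression approach).

```spl
| makeresults
| eval example_note="constructed sample event; field names other than Total_Energy are illustrative"
| eval Total_Energy="100 kWH"
| eval trimmed_no_space=rtrim(Total_Energy, "kWH")
| eval trimmed_with_space=rtrim(Total_Energy, " kWH")
| eval len_no_space=len(trimmed_no_space), len_with_space=len(trimmed_with_space)
| eval num_no_space=tonumber(trimmed_no_space)
| eval num_with_space=tonumber(trimmed_with_space)
| eval num_after_trim=tonumber(trim(trimmed_no_space))
| eval num_from_regex=tonumber(replace(Total_Energy, "^(\d+).*$", "\1"))
| eval type_check=if(isnum(num_with_space), "number", "not a number")
| table Total_Energy trimmed_no_space len_no_space num_no_space trimmed_with_space len_with_space num_with_space num_after_trim num_from_regex type_check
```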